Internet DRAFT - draft-li-core-coap-size-option
draft-li-core-coap-size-option
core K. Li
Internet-Draft L. Tian
Intended status: Standards Track B. Leiba
Expires: April 23, 2012 Huawei Technologies
October 21, 2011
CoAP Option Extension : Size
draft-li-core-coap-size-option-02
Abstract
This document defines an extension to the Constrained Application
Protocol (CoAP) to add a new option Size, which is used to indicate
the resource size in a PUT/POST request or in a GET response.
Note
Discussion and suggestions for improvement are requested, and should
be sent to core@ietf.org.
Status of this Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 23, 2012.
Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
Li, et al. Expires April 23, 2012 [Page 1]
�
Internet-Draft CoAP-Size-Option October 2011
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Justification . . . . . . . . . . . . . . . . . . . . . . . 3
1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . 4
2. Size Option Extension . . . . . . . . . . . . . . . . . . . . . 4
2.1. Size Option Definition . . . . . . . . . . . . . . . . . . 4
2.2. Using the Size Option . . . . . . . . . . . . . . . . . . . 4
3. Interaction with Block option . . . . . . . . . . . . . . . . . 5
3.1. Usage in POST/PUT Request . . . . . . . . . . . . . . . . . 5
3.2. Usage in GET Response . . . . . . . . . . . . . . . . . . . 5
4. How to merge into Block draft . . . . . . . . . . . . . . . . . 5
4.1. The Size option . . . . . . . . . . . . . . . . . . . . . . 5
4.2. Using the Size option . . . . . . . . . . . . . . . . . . . 6
4.3. Example . . . . . . . . . . . . . . . . . . . . . . . . . . 6
5. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
6. Security Considerations . . . . . . . . . . . . . . . . . . . . 7
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 8
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 8
9. Normative References . . . . . . . . . . . . . . . . . . . . . 8
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 8
Li, et al. Expires April 23, 2012 [Page 2]
�
Internet-Draft CoAP-Size-Option October 2011
1. Introduction
This specification adds a new option Size to the Constrained
Application Protocol (CoAP). The main purpose is to indicate the
resource size in a PUT/POST request, or in a GET response.
1.1. Justification
If the requester wants to retrieve large resource data using a GET
request, it is better to know in advance the size of the resource
data. Currently in the Link Format [I-D.ietf-core-link-format]
specification, the maximum size estimate attribute "sz" is defined to
give an indication of the estimated maximum size of the resource
data. By using this, the requester is able to know whether it is
capable to accept the resource data. However it is not possible for
the requester to know exactly how many blocks will be transmitted,
therefore, concurrent GET can't be supported.
Also in a POST/PUT request (for example, a firmware update), it is
not possible for the recipient to know in advance what is the size of
the data to be transmitted. According to the current CoAP
[I-D.ietf-core-coap] specification, when transmitting large data, the
recipient will return an error code 4.13 (Request Entity Too Large)
to the requester when the data size is too big to be accepted by the
recipient. In this case the whole transmission has failed, and the
previous received data will be useless. This is a waste of
transmission resources.
This document adds the new Size Option to provide the capability to
indicate the accurate size in a GET response or in a POST/PUT
request.
By using the Size Option in a GET response, the CoAP Server can let
the requester know the actual size of the resource in advance. This
is especially useful for large resources, and can facilitate the
requester to allocate enough buffer space before transmission. Also,
using the block size, the requester can calculate the total number of
blocks and can use concurrent GET requests to retrieve resource data
using the Block Option. Finally, the recipient can check the
resource size after the data transmission has been completed.
By using the Size Option in a PUT/POST request, the requester can
indicate the resource size in the first Block Option message, to let
the recipient know the resource data size in advance. If the
recipient is not able to receive the data with the indicated size,
the recipient can tell the requester in a response code, avoiding the
cost of the actual data transmission.
Li, et al. Expires April 23, 2012 [Page 3]
�
Internet-Draft CoAP-Size-Option October 2011
1.2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
2. Size Option Extension
2.1. Size Option Definition
+------+-----+-------+-----------+--------+---------------+
| Type | C/E | Name | Data type | Length | Default |
+------+-----+-------+-----------+--------+---------------+
| 18 | E | Size | uint | 0-4 B | |
+------+-----+-------+-----------+--------+---------------+
2.2. Using the Size Option
The Size Option is used to indicate the size of the resource data
measured in bytes.
The GET request including Size=0 is treated as a request to get the
size of the resource representation (but not the resource payload).
The GET request including an empty Size option is treated as a
request to get the size of the resource representation with the
resource payload.
The Size option MUST be included in the GET response, if the Size
option is present in the request.
Also it SHOULD be used in a POST/PUT request in the first Block
Option message.
The Size option SHOULD be included for resources larger than a single
PDU, if the Size information is available. And it MAY be included
for resources smaller than a single MTU.
In the absence of the option, the size of the resource data is
calculated after the data has been transmitted to the recipient,
either from the CoAP payload length or based on number of blocks and
block size.
If the Size option is specified it SHOULD be accurate at that time,
and SHOULD NOT be an estimate.
Li, et al. Expires April 23, 2012 [Page 4]
�
Internet-Draft CoAP-Size-Option October 2011
But due to the dynamic change of the resource data, the Size may not
be accurate. If the value of Size option is not the same as the
actual transmitted data, the recipient MUST take the size of the
actual transmitted data as accurate, and ignore the Size option. In
case that the recipient gets all the data but it is still smaller
than the announced Size, the recipient SHOULD stop the transmission.
If the recipient finds out the transmitted data reaches the Size
limit, and there's more data left, the recipient SHOULD continue to
transmit the remaining data.
This option is "Elective". It MUST NOT occur more than once.
3. Interaction with Block option
3.1. Usage in POST/PUT Request
In a PUT/POST request for large resource data, the requester SHOULD
use the Size option to indicate the size of the resource. If the
recipient is not capable to receive the data with the indicated size,
the recipient MUST return a 4.13 (Request Entity Too Large) response
code to the requester, and the data transmission is avoided, so that
the cost of the actual data transmission is saved.
3.2. Usage in GET Response
In a GET response for large resource data, the CoAP Server SHOULD use
the Size option to indicate the resource size and return the first
block data. The requester can calculate the number of blocks to be
transferred based on the block size and the resource size, and use
concurrent GET requests to retrieve resource data. Also, when the
client determines it cannot process data of this Size, it MAY choose
to abort and not to send subsequent GETs.
4. How to merge into Block draft
This section introduces how to merge the Size option draft into Block
draft with the minimum functionalities.
4.1. The Size option
This section will work as section 2.3 in Block draft.
Li, et al. Expires April 23, 2012 [Page 5]
�
Internet-Draft CoAP-Size-Option October 2011
+------+-----+-------+-----------+--------+---------------+
| Type | C/E | Name | Data type | Length | Default |
+------+-----+-------+-----------+--------+---------------+
| 18 | E | Size | uint | 1-4 B | |
+------+-----+-------+-----------+--------+---------------+
4.2. Using the Size option
This section will work as section 2.4 in Block draft.
The Size Option is used to indicate the size of the resource data
measured in bytes.
The Size option SHOULD be used in a POST/PUT request in the first
Block Option message. If the recipient is not capable to receive the
data with the indicated size, the recipient MUST return a 4.13
(Request Entity Too Large) response code to the requester, and the
data transmission is avoided, so that the cost of the actual data
transmission is saved.
For a GET request, if it includes an empty Size option, the Size
option MUST be included in the response. If the GET request includes
a Block option, the Size option SHOULD be included in the first Block
response. In other cases the GET response MAY contain a Size option.
If the Size option is specified, it SHOULD be accurate at that time,
and SHOULD NOT be an estimate.
The option is "Elective". It MUST NOT occur more than once.
4.3. Example
Example as indicated as Figure 2 in this draft can be added in
section 3 in the Block draft.
5. Examples
This section gives a number of short examples with message flows to
illustrate the use of Size option in a GET response, or in a PUT/POST
request.
The first example (Figure 1) shows that the requester does not know
the resource data size, and sends the GET request, the recipient can
send back the resource size using the Size option and the first
block. In the subsequent GET request, the requester can calculate
the number of blocks and use concurrent GET requests to retrieve the
resource data.
Li, et al. Expires April 23, 2012 [Page 6]
�
Internet-Draft CoAP-Size-Option October 2011
CLIENT SERVER
| |
| CON [MID=1234], GET, /status ------> |
| |
| <------ ACK [MID=1234], 2.00 OK, 0/1/128, Size: 5000 |
| |
| CON [MID=1235], GET, /status, 1/0/128 ------> |
| |
| <------ ACK [MID=1235], 2.00 OK, 1/1/128 |
| |
| ... ... |
| |
| CON [MID=1280], GET, /status, 40/0/128 ------> |
| |
| <------ ACK [MID=1280], 2.00 OK, 40/0/128 |
| |
Figure 1: Size Option in a GET response
The second example (Figure 2) shows the requester sending a PUT
request with the Size option to indicate the resource data size, and
since the recipient determines that the resource data is too large to
be accepted, it sends back a 4.13 (Request Entity Too Large) response
code.
CLIENT SERVER
| |
| CON [MID=1234], PUT, /options, 1/0/128, Size: 5000 ----> |
| |
| <------ ACK [MID=1234], 4.13 Request Entity Too Large |
| |
Figure 2: Size Option in a PUT request
6. Security Considerations
As the size option is used to determine whether or not the reciepient
will accept the data, lying about it can cause the recipient to make
a wrong decision. For example, an attacker might reduce the reported
size such that the recipient will accept, even when it cannot process
the complete data.
Related is another attack, where the attacker changes the reported
size to a higher value, leading to the recipient rejecting even when
it has the capability to receive.
The latter attack is similar to an attack where the attacker blocks
Li, et al. Expires April 23, 2012 [Page 7]
�
Internet-Draft CoAP-Size-Option October 2011
the packets altogether; although it is more efficient since the
attacker only needs to modify one message. The former attack needs
serious consideration at implementation level, especially concerning
possible buffer overflows that might lead to data leaking into the
code.
7. IANA Considerations
The IANA is requested to add the following Option Number entry.
+--------+---------------+----------------+
| Number | Name | Reference |
+--------+---------------+----------------+
| 18 | Size | Section 2 |
+--------+---------------+----------------+
8. Acknowledgements
The authors of this draft would like to thank the participants of the
email discussion on this issue. Thanks to Bert Greevenbosch, Charles
Palmer and Carsten Bormann for the detailed reviews and suggestions.
9. Normative References
[I-D.ietf-core-block]
Bormann, C. and Z. Shelby, "Blockwise transfers in CoAP",
draft-ietf-core-block-04 (work in progress), July 2011.
[I-D.ietf-core-coap]
Shelby, Z., Hartke, K., Bormann, C., and B. Frank,
"Constrained Application Protocol (CoAP)",
draft-ietf-core-coap-07 (work in progress), July 2011.
[I-D.ietf-core-link-format]
Shelby, Z., "CoRE Link Format",
draft-ietf-core-link-format-07 (work in progress),
July 2011.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
Li, et al. Expires April 23, 2012 [Page 8]
�
Internet-Draft CoAP-Size-Option October 2011
Authors' Addresses
Kepeng Li
Huawei Technologies
Huawei Base, Bantian, Longgang District
Shenzhen, Guangdong 518129
P. R. China
Phone: +86-755-28974289
Email: likepeng@huawei.com
Linyi Tian
Huawei Technologies
Huawei Base, Bantian, Longgang District
Shenzhen, Guangdong 518129
P. R. China
Phone: +86-755-28978078
Email: tianlinyi@huawei.com
Barry Leiba
Huawei Technologies
Phone: +1 646 827 0648
Email: barryleiba@computer.org
URI: http://internetmessagingtechnology.org/
Li, et al. Expires April 23, 2012 [Page 9]
�
